General

  • Target

    fda298f72a1983e613b35cb3becd6ad3_JaffaCakes118

  • Size

    130KB

  • Sample

    240929-c4dwnswhjq

  • MD5

    fda298f72a1983e613b35cb3becd6ad3

  • SHA1

    624d8e8c2a0967300cd784b426f2458c260c1ec0

  • SHA256

    aaefbc297b57228834cc15f2a9369ad46bc6ec9a5de09dab594b04e9f0637769

  • SHA512

    bda59edc47edd9cc5ed7e3cf36f47cd6c09155e78071ac35898cfc8257137cfa0df2d3e47a7523bd0d627e2b707134d8fd62033acbc9551e6b2324083a824efe

  • SSDEEP

    3072:Yq6jDD70ClF9yU0kT1mNL9j3FRnOatS2OULqLUe2Mnu:Yq6jDD7v79ytk0V9j1ROatCUcu

Targets

    • Target

      fda298f72a1983e613b35cb3becd6ad3_JaffaCakes118

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
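
The two checks below reproduce, in code, what the signatures above assert: a static read of the PE section table for UPX indicators, and a pass over sandbox-style events that maps file drops, self-deletion, dropped-file execution, the registry country-code lookup and Run-key persistence onto the listed behaviours. This is an added example written for this page, not Triage's detection code or anything extracted from the report; the PE images, the event dicts (the `op`/`path` shape is a hypothetical schema), the drop paths and file names are constructed for the demonstration.

```python
"""Triage helpers for the signature list above.

Constructed example: the PE images and the event log below are built inline
for demonstration; none of it is data from the tria.ge report.
"""
import struct

# ---- static: UPX indicators read from the PE section table ----------------
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # names the stock packer writes


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size           # 4-byte signature + 20-byte COFF header
    if table + 40 * nsect > len(data):
        raise ValueError("section table truncated")
    return [data[o:o + 8].rstrip(b"\0") for o in range(table, table + 40 * nsect, 40)]


def upx_indicators(data: bytes) -> list:
    """Return the UPX heuristics that fire: section names and the 'UPX!' magic."""
    hits = []
    if any(n in UPX_SECTION_NAMES for n in pe_section_names(data)):
        hits.append("upx_section_names")
    if b"UPX!" in data:            # packer info-block magic; renamed sections often keep it
        hits.append("upx_magic")
    return hits


def build_minimal_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed, non-loadable image with just enough headers for the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * 224 + sections + trailer


# ---- dynamic: map sandbox-style events onto the listed behaviours ----------
SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS = SYSTEM32 + "drivers\\"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def classify_events(sample_path: str, events: list) -> set:
    """events are dicts {'op': ..., 'path': ...} (a hypothetical event shape,
    not Triage's own schema); returns the names of the signatures that fire."""
    findings, dropped = set(), set()
    sample = sample_path.lower()
    for ev in events:
        op, path = ev["op"], ev["path"].lower()
        if op == "FileWrite":
            dropped.add(path)                  # remember for execute/load checks
            if path.startswith(DRIVERS):
                findings.add("Drops file in Drivers directory")
            if path.startswith(SYSTEM32):      # drivers\ is inside System32
                findings.add("Drops file in System32 directory")
        elif op == "FileDelete" and path == sample:
            findings.add("Deletes itself")
        elif op == "ProcessCreate" and path in dropped:
            findings.add("Executes dropped EXE")
        elif op == "ImageLoad" and path in dropped and path.endswith(".dll"):
            findings.add("Loads dropped DLL")
        elif op == "RegQueryValue" and path.endswith("\\geo\\nation"):
            findings.add("Checks computer location settings")  # geofence lookup
        elif op == "RegSetValue" and any(k in path for k in RUN_KEYS):
            findings.add("Adds Run key to start application")
    return findings


SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fda298f72a1983e613b35cb3becd6ad3_JaffaCakes118.exe"
EVENTS = [   # constructed event log; paths and file names are hypothetical
    {"op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"op": "FileWrite", "path": "C:\\Windows\\System32\\drivers\\drv.sys"},
    {"op": "FileWrite", "path": "C:\\Windows\\System32\\helper.dll"},
    {"op": "FileWrite", "path": "C:\\Users\\Admin\\AppData\\Roaming\\update.exe"},
    {"op": "ImageLoad", "path": "C:\\Windows\\System32\\helper.dll"},
    {"op": "ProcessCreate", "path": "C:\\Users\\Admin\\AppData\\Roaming\\update.exe"},
    {"op": "RegSetValue", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"},
    {"op": "FileDelete", "path": SAMPLE},
]

if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"UPX!")
    print("UPX indicators:", upx_indicators(packed))
    for sig in sorted(classify_events(SAMPLE, EVENTS)):
        print("fired:", sig)
```

The section-name check is the weak half of the UPX heuristic: a modified packer can rename UPX0/UPX1 freely, which is why the `UPX!` info-block magic is checked separately. On the dynamic side, "Executes dropped EXE" and "Loads dropped DLL" only fire for paths first seen in a FileWrite, so event order matters; a feed that delivers image-load events before the corresponding file-write would need buffering before this pass.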

MITRE ATT&CK Enterprise v15